1290 matches found
CVE-2018-8768
In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...
PYSEC-2018-57
In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...
DEBIAN-CVE-2018-8768
In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...
CVE-2018-8768
CVE-2018-8768 affects Jupyter Notebook up to version 5.4.1. A maliciously forged notebook can bypass sanitization, allowing JavaScript execution in the notebook context due to how invalid HTML is fixed by jQuery after sanitization (XSS risk). The issue is documented in multiple advisories (Debian...
CVE-2018-8768
In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...
CVE-2018-8768
In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...
Jupyter Notebook -- vulnerability
MITRE reports: In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...
Remote Code Execution (RCE)
Jupyter notebook is vulnerable to remote code execution RCE attacks. A malicious user can pass a HTML/SVG file to the application to inject and execute arbitrary javascript code to the notebook server...
HP Notebook SynTP.sys File Keylogging Code Debugging Vulnerability
The SynTP.sys file is part of the Synaptics touchpad driver that comes with some HP notebook models. The HP laptop SynTP.sys file keylogger code debugging vulnerability can be exploited by an attacker to abuse the debugging code of the keylogger component, e.g., a malware developer can enable...
notebook-laden.de XSS vulnerability
Open Bug Bounty ID: OBB-409819 Description| Value ---|--- Affected Website:| notebook-laden.de Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...
arp.nl XSS vulnerability
Vulnerable URL: https://www.arp.nl/hp-probook-470-g4-notebook-y8a89et-ab'%22%3E%3Cimg%20src=x%20onerror=alert'OPENBUGBOUNTY'%3E%3C!-- Details: Description| Value ---|--- Patched:| No Latest check for patch:| 14.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...
HPSBHF03560 rev 1 - Possible Elevation of Privilege and Information Disclosure via Intel® Software Guard Extensions (Intel® SGX) Vulnerability
Potential Security Impact Elevation of privilege, information disclosure Source: Intel Reported by: Intel VULNERABILITY SUMMARY Intel has discovered a vulnerability that could impact the security of Intel® Software Guard Extensions Intel® SGX. Before exploiting this vulnerability, the malicious...
CVE-2017-3754
Some Lenovo brand notebook systems do not have write protections properly configured in the system BIOS. This could enable an attacker with physical or administrative access to a system to be able to flash the BIOS with an arbitrary image and potentially run malicious BIOS code...
CVE-2017-3754
The CVE-2017-3754 entry relates to Lenovo notebook BIOS write protections not being properly configured, allowing an attacker with physical or administrative access to flash an arbitrary BIOS image and potentially run malicious BIOS code. Connected documents corroborate a BIOS write-protection co...
Cross-Site Request Forgery (CSRF)
Jupyter notebook is vulnerable to cross-site request forgery CSRF attacks. It does not properly check the CSRF token and set authorization header. Attackers could create untitled files and start kernels no remote execution or modification of existing files for users of certain browsers Firefox,...
Lenovo Notebook and ThinkServer Local Elevation of Privilege Vulnerability
Lenovo Notebook and ThinkServer are both products of the Chinese company Lenovo. The former is a line of laptops and the latter is a line of servers. A local elevation of privilege vulnerability exists in the Lenovo Notebook and ThinkServer systems. An attacker could exploit this vulnerability to...
Intel Management Engine protection not set on some Lenovo Notebook and ThinkServer systems - Lenovo Support US
No description provided...
HPSBHF3549 rev.2 - ThinkPwn UEFI BIOS SmmRuntime Escalation of Privilege
Potential Security Impact System downtime, or privilege escalation. Source:HP, HP Product Security Response Team PSRT Reported by: Dmytro Oleksiuk VULNERABILITY SUMMARY A security vulnerability identified with UEFI firmware, dubbed ThinkPwn, has been addressed in certain HP commercial notebook PC...
SuperFish Vulnerability
Lenovo Security Advisory: LEN-2015-010 Potential Impact: Man-in-the-Middle Attack Severity: High Summary: This advisory only applies to Lenovo Notebook products. ThinkPad, ThinkCentre, Lenovo Desktop, ThinkStation, ThinkServer and System x products are not impacted. SuperFish was previously...
SuperFish Vulnerability - Lenovo Support US
No description provided...